pruzko / hakuin Goto Github PK

Hakuin currently extracts non-textual data types with binary search. This can be done more efficiently.

Int:

• guessing
• check if all positive
• model the values with Gaussian distribution and set initial lower and upper bounds to -2 and +2 sigma respectively
• dynamic

Float:

• guessing
• check if all positive
• dynamic

Bytes:

• guessing
• dynamic just like for text, i.e., unigram/fivegram predictions

Implement a wrapper tool hk.py that can be quickly used to call Hakuin's basic functionality without the need to write your own python scripts.

Currently, Hakuin supports only ASCII extraction. Extending the implementation to include Unicode characters requires only minor changes to the extraction logic and few new queries.

Hakuin now requires users to specify which DBMS engine is used by the target. This is not practical, because users have to obtain this information manually prior to extraction. Hakuin should include a set of test queries that detect the DBMS automatically.

Like with #10, Hakuin should be able to extract all databases.

Hakuin currently extracts texts, ints, floats, and blobs. There are, however, other (possibly DBMS-specific) data types, such as polygon, json, and more. If possible, Hakuin should cast them to text and extract them.

Currently, Hakuin can only extract text columns.

Support extraction of other data types, such as integers, floats, bytes, dates, etc.

Hakuin currently supports only SQLite and MySQL DBMSs, but there are other popular engines.

Hakuin should support:

• SQLite
• MySQL
• Oracle
• Microsoft SQL Server
• PostgreSQL
• Microsoft Access
• IBM DB2

Hakuin blocks on sending requests. This is not necessary. Instead, there should be multiple tasks extracting column rows independently.

Implementing this feature will require some sync code as the tasks share the same language models.

Hakuin does not check NULL values before attempting to extract columns. This may lead to wrong results.

Hakuin should check NULL values in a similar fashion as it checks ASCII values, i.e., first on the column level and then on the row level.

It is (typically) possible to extract all schemas from vulnerable web applications, but Hakuin now only extracts the default one, the one that the application is connected to. Supporting extraction of all schemas should only require rewriting the injected queries to take the DB name into consideration. For instance, users will become dbo.users.